RE: Attribute Name Length Bounds
Jim Sermersheim wrote:
> I also see that we could just add "or exceed server limits" to the end of the phrase "or the
> encoding structures or lengths of data fields are found to be incorrect" in the first
> paragraph. But I'm not sure...
> This section talks about data that is either malformed or cannot be/is not recognized, so it
> seems like a good fit. It splits the problems into two classes (those that
> connection to terminate, and those that simply return protocolError).
> Adding the change above causes a connection termination. The change Bob suggests allows one
> to differentiate between something that looks like an attack (say some size is 20gb), and
> something that simply exceeds a small limit, and act accordingly.
> Which seems more correct to others (and do both seem incorrect to anyone)?
Returning protocolError in response to a limitation in the server does not
seem appropriate to me. A protocolError suggests that the client has done
something wrong when in fact it is the server that has the problem. The
unwillingToPerform error is more appropriate in such circumstances.